RCMS Cheat Sheet 2026
The 30 highest-yield RCMS facts, distilled from real exam questions. Print it, save it as a PDF, or study it here — free, no sign-up.
100 questions
150 min time limit
70.00% to pass
- Which document records risk identification and evaluation? → Risk register.
- What is a whistleblower in corporate governance? → Someone reporting misconduct.
- Which financial statement fraud scheme involves recording revenue that has not been earned? → Fictitious revenue scheme
- Which of the following is the best example of a detective control in a fraud prevention framework? → Surprise audits of petty cash funds
- Under the Dodd-Frank Act, which entities are required to file annual compliance reports with their applicable regulator? → Swap dealers and major swap participants registered with the CFTC
- What role does a compliance officer play? → Overseeing compliance activities.
- What is the primary legal protection afforded to internal whistleblowers under SOX Section 806? → Protection from termination, demotion, or harassment for reporting suspected fraud
- Under the IRS whistleblower program, awards are available for information leading to the collection of unpaid taxes exceeding what threshold? → $2 million in disputed amounts
- Which of the following best describes a key competency required for third-party compliance management in RCMS practice? → Strong analytical skills combined with effective communication and ethical judgment
- Which document serves as the primary written record of an organization's compliance policies, procedures, and standards? → Compliance manual
- What is residual risk? → Risk that remains after controls.
- Under HIPAA, covered entities must maintain documentation of their privacy policies and procedures for how long? → 6 years from creation or last effective date, whichever is later
- Which act mandates financial transparency and fraud prevention? → Sarbanes-Oxley Act.
- In the context of RCMS certification, what is the most important consideration when implementing investigation & remediation procedures? → Ensuring alignment with established standards, stakeholder needs, and best practices
- Which internal control specifically helps detect ghost employee fraud in payroll? → Periodic reconciliation of payroll records to HR-approved employee lists
- A company's compliance program should include a financial fraud risk assessment that is performed at minimum: → Periodically and when significant organizational changes occur
- What is the purpose of regulatory frameworks in compliance management? → To ensure adherence to laws and standards.
- What is the consequence of poor compliance? → Legal penalties.
- What does the 'fraud triangle' model identify as the three elements necessary for occupational fraud to occur? → Pressure, opportunity, and rationalization
- What is the relationship between ethics and corporate governance? → Ethics guides behavior; governance ensures compliance.
- When a compliance report submitted to a regulator contains material misstatements, what category of risk does this create? → Legal, regulatory, and potentially criminal risk in addition to reputational risk
- What is the primary purpose of corporate governance? → To ensure accountability and transparency.
- What is the primary purpose of a Suspicious Activity Report (SAR) filed with FinCEN? → To alert law enforcement of potentially illegal financial activity
- Which is an example of an internal control? → Reconciliation of accounts.
- Which internal control is most effective at preventing check tampering fraud? → Segregation of duties between check preparation and authorization
- Which agency administers the whistleblower program under the Commodity Exchange Act (CEA)? → Commodity Futures Trading Commission (CFTC)
- What is the first step in implementing a compliance program? → Conducting a risk assessment.
- Which internal control helps prevent fraud? → Segregation of duties.
- Which of the following best describes an 'open door' reporting policy in a compliance program? → Employees may report concerns to any level of management without fear of reprisal
- A compliance officer is designing a whistleblower program. Which feature is most critical to encourage reporting? → Anonymity and anti-retaliation protections
Turn these facts into recall: